On 7/15/2014 6:45 AM, Tom Eastep wrote:
> On 7/14/2014 5:25 PM, [email protected] wrote:
>>
>> Hi
>>
>> I've been having a heck of a time getting this straight, and could use a
>> hand. Any help would be appreciated!
>>
> , options [mss 1460,nop,wscale 3,sackOK,nop,nop,nop,nop,TS val 13 ecr
> 0], length 0
>>
>> I must have missed something in the setup. :-/
>>
>> Any help here? How do I get this traffic INBOUND, over the VPN and to/from
>> the mailserver?
>>
>
> You are making this way too hard.
>
> On the VPS:
>
> a) /interfaces:
>
>     vpn1 tun+ -
>
> b) Delete the /hosts entry
>
> c) In your VPN setup, establish a route to 192.168.1.0/24 through the VPN.
>
> d) Configure these in /rules:
>
>     DNAT net vpn1:192.168.1.50 tcp 25 A.A.A.1
>     ACCEPT vpn1:192.168.1.50 net tcp 25
>
> f) Configure this entry in /masq. This will ensure that SMTP connections
> from the mail server are sent from the VPS with the proper address.
>
>     eth0 192.168.1.50 A.A.A.1 tcp 25
>
> On the HOME/OFC firewall:
>
> a) /rules
>
>     ACCEPT vpn1 loc:192.168.1.50 tcp 25
>     ACCEPT loc:192.168.1.50 tcp 25

Unless the default route from the VPS is redirected through the VPN
during OpenVPN startup, you probably need this DNAT rule rather than the
second ACCEPT rule to make outgoing SMTP connections work correctly:

    DNAT loc:192.168.1.50 vpn1:172.20.0.1 tcp 25

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
